Strategies for Securing ST 2059-2 PTP Networks

摘要

As the SMPTE ST 2059-2 standard for accurate time transfer gains further traction in real-world All-IP Studio deployments, it is important for broadcasters and system integrators alike to understand how time transfer using the IEEE 1588 Precision Time Protocol (PTP) profile as defined in the SMPTE standard could be affected by unintentional or malicious tampering of the different system parts that guarantee both stable and accurate delivery of time for all media essence based on standardized IP transports such as those defined in the SMPTE ST 2110 series or AES67 standards. Given the mission-critical nature of broadcast infrastructure, securing time distribution is rapidly becoming a mandatory requirement. Whilst ST 2059-2 defines PTP profile capabilities and PTP parameter values that can be used, it doesn't address how to secure the various parts that define the timing system as a whole. — The IEEE 1588 standard provides a certain level of fault tolerance by autonomously activating an auxiliary reference in case of loss of the primary time source. Yet, the overall synchronization performance is not sufficiently well protected by the protocol to withstand either deliberate attacks or cope with misconfigured or malfunctioning devices. Consequently, both scenarios have to be investigated in detail. This entails a thorough analysis of all the relevant threats ranging from spoofing or jamming attacks on GNSS receivers to misaligned message rates or corrupted messages to name but a few. This paper addresses possible ways how to secure different components of the timing system, ranging from the origination point of the reference clock(s) used as the primary time source(s), across the IP network infrastructure and finally to the media nodes generating or receiving ST 2110 flows. Beyond securing the timing system, special care should be taken to immediately identify any degradation and/or failures using multiple approaches that provide efficient means to correlate events. This is covered by a series of recommendations and best practices to ensure operational stability and reliability.